1. Field of the Invention
The present application relates generally to a computer implemented method, a computer program product, and a data processing system. More specifically, the present invention relates to a computer implemented method, a computer program product, and a data processing system for selecting a web service from a service registry based on audit and compliance qualities.
2. Description of the Related Art
In the information security industry, audit is a fundamental component of any security solution. Audit creates a trail of security-focused events. Compliance is a process for assessing a given security solution's conformance to a government, industry, or internal description of security directives, specifications or processes.
Collecting, storing and analyzing audit data is often part of a compliance program. A system or service will often implement such audit functions when determining compliance.
In a technical environment based on service oriented architecture, services are often catalogued in a service registry, such as WebSphere Service Registry and Repository, or a Universal Description Discovery and Integration (UDDI) directory. Service registries such as these allow service consumers to search for a service based on various attributes, and retrieve the service definition. The Web Services Definition Language, or WSDL, is a standard for describing the interface of a web service.
It is becoming increasingly important for web service consumers to be aware of a service's specific audit and compliance attributes. However, certain audit and compliance attributes might be more important to certain services and service consumers than other audit and compliance attributes, such that providing a litany of these attributes might not be necessary or desirable for a specific application.
By way of example, a particular web service that is considered to be reputable may advertise comprehensive auditing. However, a certain user may wish to use a service that has demonstrated compliance with an applicable government regulation, such as Sarbanes-Oxley (SOX). Similarly, a service customer may require the use of a service that advertises compliance with a government or industry regulation in order to preserve their own organization's compliance, such as maintaining compliance with the Health Insurance Portability and Accountability Act. Additionally, a service that advertises comprehensive auditing may be considered a threat to the privacy of personal data by some consumers. If a user purchases a product from an online site, the user may prefer that no record of the transaction be retained in order to prevent the misuse of any stored information in a future targeted marketing scheme.